<?php
    function inject_check($sql_str) {
        return preg_match("/select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/", $sql_str);
    }
    
    function verify_id($id) {
        if(!$id) {
            return 0;
        } elseif(inject_check($id)) {
            return 0;
        } elseif(!is_numeric($id)) {
            return 0;
        }
        return intval($id);
    }
    
    
    function str_check( $str ) {
        $str1 = $str;
        if(!get_magic_quotes_gpc()) {
            $str1 = addslashes($str);
        }
        $str2 = str_replace("_", "\_", $str1);
        $str3 = str_replace("%", "\%", $str2);
        return $str3;
    }
    
    
    function post_check($post) {
        $post1 = $post;
        if(!get_magic_quotes_gpc()) {
            $post1 = addslashes($post);
        }
        $post2 = str_replace("_", "\_", $post1);
        $post3 = str_replace("%", "\%", $post2);
        $post4 = nl2br($post3);
        $post5 = htmlspecialchars($post4);
        
        return $post5;
    }